| OSVDB ID | Disclosure Date | Title |
|---|
|
32743
Description:
FirePass contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'topblue', 'midblue', 'wtopblue', 'h321', 'h311' and 'h312' variables upon submission to the 'vdesk/admincon/index.php' script when using the 'per' action. Other unspecified variable may also be affected. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2007-01-05
|
F5 FirePass vdesk/admincon/index.php per Action Multiple Parameter XSS
|
|
32741
Description:
FirePass contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'app_name' and 'app_param' variables upon submission to the 'vdesk/admincon/webyfiers.php' script when using the 'per' action. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2007-01-05
|
F5 FirePass vdesk/admincon/webyfiers.php Multiple Parameter XSS
|
|
47232
Description:
(Description Provided by CVE) : The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."
|
2008-07-16
|
F5 Multiple Product DNS Query ID Field Prediction Cache Poisoning
|
|
82780
Description:
Multiple F5 products contain a flaw related to SSH that may allow an attacker to gain access to unauthorized privileges. The issue is due to F5 devices shipping with a private SSH key that is publicly known. By using the associated public key, anyone can authenticate to the device with super user privileges.
|
2012-06-07
|
F5 Multiple Product Published SSH Private Key Remote Authentication Bypass
|
|
62144
Description:
(Description Provided by CVE) : The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.
|
2010-02-05
|
F5 Multiple Products TCP/IP Implementation Queue Connection Saturation TCP State Table Remote DoS
|
|
60972
Description:
Unknown / Incomplete
|
2009-12-14
|
F5 Multiple Products TLS Renegotiation Handshakes MiTM Plaintext Data Injection
|
|
75941
Description:
(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in the F8 Lite theme before 4.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
|
2011-09-24
|
F8 Lite Theme for Wordpress Unspecified Script s Parameter XSS
|
|
26104
Description:
F@cile Interactive Web contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the \'lang\' variable upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user\'s browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2006-05-27
|
F@cile Interactive Web index.php lang Parameter XSS
|
|
26105
Description:
F@cile Interactive Web contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the \'myskin\' variable upon submission to multiple instances of the index.inc.php script in various /p-themes/ directories. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user\'s browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2006-05-27
|
F@cile Interactive Web Multiple p-themes Directory index.inc.php myskin Parameter XSS
|
|
26103
Description:
F@cile Interactive Web contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to multiple scripts in the /p-themes/ hierarchy not properly sanitizing user input supplied to the \'mytheme\' variable of the respective index.inc.php script. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script or disclose the contents of arbitrary files on the system.
|
2006-05-27
|
F@cile Interactive Web Multiple p-themes Directory index.inc.php mytheme Parameter Remote File Inclusion
|
|
26102
Description:
F@cile Interactive Web contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to p-editbox.php script not properly sanitizing user input supplied to the \'pathfile\' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script or disclose the contents of arbitrary files on the system.
|
2006-05-27
|
F@cile Interactive Web p-editbox.php pathfile Parameter Remote File Inclusion
|
|
26101
Description:
F@cile Interactive Web contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the p-editpage.php script not properly sanitizing user input supplied to the \'pathfile\' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script or disclose the contents of arbitrary files on the system.
|
2006-05-27
|
F@cile Interactive Web p-editpage.php pathfile Parameter Remote File Inclusion
|
|
26100
Description:
F@cile Interactive Web contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to p-popupgallery.php script not properly sanitizing user input supplied to the \'l\' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
|
2006-05-27
|
F@cile Interactive Web p-popupgallery.php l Parameter Remote File Inclusion
|
|
48430
Description:
Unknown / Incomplete
|
1999-12-19
|
FAAC aac_qc.c Unpsecified Memory Overflow
|
|
48431
Description:
Unknown / Incomplete
|
2003-11-16
|
FAAC Unspecified Thread-safety Issues
|
|
48349
Description:
Unknown / Incomplete
|
2008-09-16
|
FAAD2 CLI Frontend Decoder Library File Handling Overflow
|
|
48490
Description:
(Description Provided by CVE) : Heap-based buffer overflow in the decodeMP4file function (frontend/main.c) in FAAD2 2.6.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file.
|
2008-09-16
|
Faad2 frontend/main.c decodeMP4file() Function Crafted MPEG-4 File Handling Overflow
|
|
81605
Description:
Fabran CMS contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the index.php script not properly sanitizing user input supplied to the 'p' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.
|
2012-04-27
|
Fabran CMS index.php p Parameter SQL Injection
|
|
74190
Description:
(Description Provided by CVE) : Fabric before 1.1.0 allows local users to overwrite arbitrary files via a symlink attack on (1) a /tmp/fab.*.tar file or (2) certain other files in the top level of /tmp/.
|
2011-06-02
|
Fabric Multiple Temporary File Symlink Arbitrary File Overwrite
|
|
64758
Description:
(Description Provided by CVE) : Directory traversal vulnerability in the Fabrik (com_fabrik) component 2.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
2010-04-06
|
Fabrik Component for Joomla! index.php controller Parameter Traversal Arbitrary File Access
|
|
77371
Description:
(Description Provided by CVE) : Unrestricted file upload vulnerability in models/importcsv.php in the Fabrik (com_fabrik) component before 2.1.1 for Joomla! allows remote authenticated users with Manager privileges to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.
|
2011-09-23
|
Fabrik Component for Joomla! models/importcsv.php File Upload Remote PHP Code Execution
|
|
73832
Description:
Fabrik Component for Joomla! contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to certain unspecified input not being properly sanitized before use in SQL queries. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2011-07-12
|
Fabrik Component for Joomla! Unspecified SQL Injection
|
|
34837
Description:
(Description Provided by CVE) : FAC Guestbook 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/Gdb.mdb.
|
2007-04-12
|
FAC Guestbook Gdb.mdb / gbdb.mdb Direct Request Database Disclosure
|
|
22922
Description:
(Description Provided by CVE) : Directory traversal vulnerability in Vis.pl, as part of the FACE CONTROL product, allows remote attackers to read arbitrary files via a .. (dot dot) in any parameter that opens a file, such as (1) s or (2) p.
|
2006-01-26
|
Face Control vis.pl Multiple Parameter Traversal Arbitrary File Access
|
|
67162
Description:
Unknown / Incomplete
|
2010-05-13
|
Facebook App for iPhone Message Body Content XSS
|
|
88900
Description:
Facebook Camera for iOS contains a flaw that is triggered when the program fails to validate SSL certificates. This may allow a remote attacker to spoof a valid server and conduct a man-in-the-middle attack.
|
2012-12-21
|
Facebook Camera for iOS SSL Certificate Validation MitM Spoofing Weakness
|
|
80863
Description:
Facebook Connect to TYPO3 (facebook2t3) Extension for TYPO3 contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue could bypass the need to authenticate to access restricted resources.
|
2012-03-28
|
Facebook Connect to TYPO3 (facebook2t3) Extension for TYPO3 Unspecified Authentication Bypass
|
|
79057
Description:
Unknown / Incomplete
|
2010-11-28
|
Facebook for Android / iPhone Personal Information Local Disclosure
|
|
89065
Description:
Facebook for Android contains a flaw that may lead to unauthorized disclosure of potentially sensitive information. The issue is triggered by the continuation_intent being called with the permissions of the facebook application. This may allow a local attacker to gain access to potentially sensitive information stored in the /data/data/com.facebook.katana directory.
|
2013-01-07
|
Facebook for Android continuation_intent Local Information Disclosure
|
|
83784
Description:
Facebook App for iPhone contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the program stores authentication credential information in plaintext in the .plist file, which will disclose potentially sensitive credential information to a local attacker.
|
2012-04-09
|
Facebook for iPhone .plist User Authentication Credentials Local Disclosure
|
